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WHAT IS CLAIMED IS: 



1 . A method of determining an output sequence of states in a finite state 
machine from an at least one input start state to an at least one input goal state, 

5 performed by a data processing system having a memory, comprising the steps 
of: 

determining an overapproximated path through the finite state machine, 
from an at least one first start state to an at least one first goal state, using a 
formal method, wherein the formal method is applied to a matrix comprised of 
10 state sets, the matrix being organized by time-steps along a first dimension and 
by partitions of state bits along a second dimension; 

determining a formally constrained underapproximated path that lies along 
p the overapproximated path, the constrained path being of at least one time-step 
y and comprising at least one state of the finite state machine; 
ffl 15 combining the constrained underapproximated path with the output 

m sequence of states such that an updated output sequence of states and an 
^ updated at least one first start state are determined; 

D ending a search, if the updated output sequence of states comprises at 

\s least one state of the at least one input start state and the at least one input goal 
p 20 state, but otherwise repeating the above steps. 

fU 

2. The method of claim 1 , wherein determining the overapproximated path is 
performed by a first process that is independent of a second process for 
determining of the formally constrained underapproximated path. 

25 

3. The method of claim 2, wherein the first process and second process exist 
concurrently, 

4. The method of claim 2, wherein the first process spawns the second 
30 process. 
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5. The method of claim 2, wherein the repeating of steps is accomplished by 
spawning additional independent processes. 

6. The method of claim 2, wherein the first process spawns a third process 
5 for determining a second overapproximated path that comprises the 

overapproximated path of the first process. 

7. The method of claim 2, wherein the second process spawns a third 
process for determining a second constrained underapproximated path. 

10 

8. The method of claim 6, wherein third process has a third priority level and 
the first process has a first priority level. 

o 

D 9. The method of claim 7, wherein the second process has a second priority 

P 15 level and the third process has a third priority level. 

m 
p.1 

O 10. The method of claim 1 , wherein determining the overapproximated path 

s 

O comprises the steps of: 

L applying a first fonnal method to augment the matrix, along the first 

20 dimension, until a time step is produced that comprises at least one state of the 
ry at least one first goal state; and 

applying a second formal method to lessen an amount of 
overapproximation of the matrix resulting from the first formal method. 

25 11. The method of claim 1 , wherein a first time-step of the matrix is comprised 
solely of a state or states reachable by the finite state machine in zero or more 
time-steps from the at least one input start state. 

12. A method of determining an overapproximated path in a finite state 
30 machine from an at least one first start state to an at least one first goal state, 
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performed by a data processing system having a memory, comprising tine steps 
of: 

applying a first formal metliod to augment a matrix, along a first 
dimension, until a time step of the first dimension is produced that comprises at 
5 least one state of the at least one first goal state; 

applying a second fomnal method to lessen an amount of 
overapproximation of the matrix resulting from the first formal method; and 

wherein the matrix is comprised of state sets, is organized by time-steps 
along a first dimension, is organized by partitions of state bits along a second 
10 dimension, and the first time-step of the matrix is comprised solely of one or 
more states reachable by the finite state machine in zero or more time-steps 
from the at least one first start state. 



13. The method of claim 12, wherein the second formal method narrows a 
p 15 target state set at a first time step by utilizing a first set of an earlier time step, 
fit wherein the first state set is in the fanin of target state set. 



14. The method of claim 12, wherein the second formal method narrows a 
target set at a first time step by utilizing a first state set at a later time step, 

20 wherein the first state set is in the fanout of target set. 

1 5. The method of claim 14, wherein the target set is a state set. 

1 6. The method of claim 14, wherein the target set is an input set. 

25 

17. The method of claim 14, wherein the second formal method also utilizes 
at least one sibling set at an earlier time step than the first state set, wherein the 
at least one sibling set is in the fanin of the first state set. 

30 1 8. The method of claim 1 7, wherein the at least one sibling set comprises a 
state set. 



Page 55 of 62 



06816.0036 
J.H. Kukula, et al. 

19. The method of claim 17, wherein the at least one sibling set comprises an 
input set. 

5 20. The method of claim 13, wherein the second formal method is applied to 
the matrix in response to an event narrowing the first set. 

21 . The method of claim 14, wherein the second formal method is applied to 
the matrix in response to an event narrowing the first state set. 

22. The method of claim 17, wherein the second formal method is applied to 
the matrix in response to an event narrowing an at least one sibling set, 

23. The method of claim 13, wherein the first set is a state set. 

24. The method of claim 13, wherein the first set is an input set. 

25. The method of claim 12, wherein the second formal method is applied as 
follows: 

retrieving a current target state set, of a first time step, from a list of 
foHA^ard narrowing targets; 

performing a fonA^ard narrowing of the current target state set, by utilizing 
a first set of a time step earlier than the first time step, wherein the first set is in 
the fanin of current target state set; 

identifying additional forward narrowing targets, resulting from the forward 
narrowing of the current target state set; 

adding the additional fonA^ard narrowing targets to the list of forward 
narrowing targets; 

repeating the above steps if the list of forward narrowing targets contains 
targets for forward narrowing. 
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26. The method of claim 23, wherein the list of forward narrowing targets is 
ordered by increasing time step of a target state set upon the addition of the 
additional fonA^ard narrowing targets. 

5 27. The method of claim 12, wherein the second formal method is applied as 
follows: 

retrieving a current state set, of a first time step, from a list of reverse 
narrowing sources; 

performing a reverse narrowing of a current target set, by utilizing the 
10 current state set, wherein the current target set is in the fanin of current state set 
and the current target set is at an earlier time step than the first time step; 

identifying additional reverse narrowing targets, resulting from the reverse 
h narrowing of the current target set; 

O adding the additional reverse narrowing sources to the list of reverse 

iji 15 narrowing targets based upon the identified additional reverse narrowing targets; 

•fy 

repeating the above steps if the list of reverse narrowing sources contains 
B State sets. 

28. The method of claim 27, wherein the list of reverse narrowing sources is 
20 ordered by decreasing time step of a state set upon the addition of the additional 

fU reverse narrowing sources. 

29. A data processing system having a memory, for determining an output 
sequence of states in a finite state machine from an at least one input start state 

25 to an at least one input goal state, comprising: 

a subsystem configured to determine an overapproximated path through 
the finite state machine, from an at least one first start state to an at least one 
first goal state, using a formal method, wherein the formal method is applied to a 
matrix comprised of state sets, the matrix being organized by time-steps along a 

30 first dimension and by partitions of state bits along a second dimension; 
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a subsystem configured to determine a formally constrained 
underapproximated path tliat lies along the overapproximated path, the 
constrained path being of at least one time-step and comprising at least one 
state of the finite state machine; 

a subsystem configured to combine the constrained underapproximated 
path with the output sequence of states such that an updated output sequence 
of states and an updated at least one first start state are determined; 

a subsystem configured to end a search, if the updated output sequence 
of states comprises at least one state of the at least one input start state and the 
at least one input goal state, but to othenft/ise repeat application of the above 
circuits. 

30. A data processing system having a memory, for determining an 
overapproximated path in a finite state machine from an at least one first start 
state to an at least one first goal state, comprising: 

a subsystem configured to apply a first formal method to augment a 
matrix, along a first dimension, until a time step of the first dimension is produced 
that comprises at least one state of the at least one first goal state; 

a subsystem configured to apply a second formal method to lessen an 
amount of overapproximation of the matrix resulting from the first formal method; 
and 

wherein the matrix is comprised of state sets. Is organized by time-steps 
along a first dimension, is organized by partitions of state bits along a second 
dimension, and the first time-step of the matrix is comprised solely of one or 
more states reachable by the finite state machine In zero or more time-steps 
from the at least one first start state. 

31 . A computer program product comprising: 

a computer usable medium having computer readable code embodied 
therein for causing a data processing system having a memory to determine an 
output sequence of states in a finite state machine from an at least one input 
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start state to an at least one input goal state, the computer program product 
including: 

computer readable program code devices configured to cause a computer 
to effect determining an overapproximated path through the finite state machine, 
5 from an at least one first start state to an at least one first goal state, using a 
formal method, wherein the formal method is applied to a matrix comprised of 
state sets, the matrix being organized by time-steps along a first dimension and 
by partitions of state bits along a second dimension; 

computer readable program code devices configured to cause a computer 
10 to effect determining a formally constrained underapproximated path that lies 
along the overapproximated path, the constrained path being of at least one 
time-step and comprising at least one state of the finite state machine; 

computer readable program code devices configured to cause a computer 
to effect combining the constrained underapproximated path with the output 
15 sequence of states such that an updated output sequence of states and an 
updated at least one first start state are determined; 

computer readable program code devices configured to cause a computer 
to effect ending a search, if the updated output sequence of states comprises at 
least one state of the at least one input start state and the at least one input goal 
20 state, but othen^^ise repeating the above steps. 

32. A computer program product comprising: 

a computer usable medium having computer readable code embodied 
therein for causing a data processing system having a memory to determine an 
25 overapproximated path in a finite state machine from an at least one first start 
state to an at least one first goal state, the computer program product including: 

computer readable program code devices configured to cause a computer 
to effect applying a first formal method to augment a matrix, along a first 
dimension, until a time step of the first dimension is produced that comprises at 
30 least one state of the at least one first goal state; 



Page 59 of 62 



06816.0036 
J.H. Kukula, et al. 

computer readable program code devices configured to cause a computer 
to effect applying a second fonnal method to lessen an amount of 
overapproximatlon of the matrix resulting from the first formal method; and 

wherein the matrix is comprised of state sets, is organized by time-steps 
5 along a first dimension, is organized by partitions of state bits along a second 
dimension, and the first time-step of the matrix is comprised solely of one or 
more states reachable by the finite state machine in zero or more time-steps 
from the at least one first start state. 

10 33. A data-carrying signal representing sequences of instructions which, when 
executed by a data processing system, cause determination of an output 
sequence of states in a finite state machine from an at least one input start state 
h to an at least one input goal state by perfomiing the steps of: 
y determining an overapproximated path through the finite state machine, 

P 15 from an at least one first start state to an at least one first goal state, using a 
fji formal method, wherein the formal method is applied to a matrix comprised of 
^ state sets, the matrix being organized by time-steps along a first dimension and 
O by partitions of state bits along a second dimension; 

U determining a formally constrained underapproximated path that lies along 

|: 20 the overapproximated path, the constrained path being of at least one time-step 
fy and comprising at least one state of the finite state machine; 

combining the constrained underapproximated path with the output 
sequence of states such that an updated output sequence of states and an 
updated at least one first start state are determined; 
25 ending a search, if the updated output sequence of states comprises at 

least one state of the at least one input start state and the at least one input goal 
state, but otherwise repeating the above steps. 

34. A data-carrying signal representing sequences of instructions which, when 
30 executed by a data processing system, cause determination of an 
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overapproximated path in a finite state machine from an at least one first start 
state to an at least one first goal state by performing the steps of: 

applying a first formal method to augment a matrix, along a first 
dimension, until a time step of the first dimension is produced that comprises at 
least one state of the at least one first goal state; 

applying a second formal method to lessen an amount of 
overapproximation of the matrix resulting from the first formal method; and 

wherein the matrix is comprised of state sets, is organized by time-steps 
along a first dimension, is organized by partitions of state bits along a second 
dimension, and the first time-step of the matrix is comprised solely of one or 
more states reachable by the finite state machine in zero or more time-steps 
from the at least one first start state. 
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